bug(misconf): Panic observed in passing of `--tf-vars` #7084

simar7 · 2024-07-02T17:56:21Z

trivy  config --tf-vars config.tfvars --format json --output output.json .
2024-07-02T11:55:44-06:00	INFO	Misconfiguration scanning is enabled
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x10432e91c]

goroutine 1 [running]:
github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser.(*evaluator).EvaluateAll(0x0, {0x108ec03d0, 0x140005fe230})
	github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser/evaluator.go:125 +0x2c
github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser.(*Parser).EvaluateAll(0x14009146c60, {0x108ec03d0, 0x140005fe230})
	github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser/parser.go:272 +0x64
github.com/aquasecurity/trivy/pkg/iac/scanners/terraform.(*Scanner).ScanFS(0x14002ef6300, {0x108ec03d0, 0x140005fe230}, {0x108e6ab40, 0x140047c5860}, {0x107ffa838, 0x1})
	github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/scanner.go:199 +0x4a0
github.com/aquasecurity/trivy/pkg/misconf.(*Scanner).Scan(0x14001ce74a0, {0x108ec03d0, 0x140005fe230}, {0x108e6ab40?, 0x140028bbe00?})
	github.com/aquasecurity/trivy/pkg/misconf/scanner.go:158 +0x1bc
github.com/aquasecurity/trivy/pkg/fanal/analyzer/config.(*Analyzer).PostAnalyze(0x140003b3460, {0x108ec03d0?, 0x140005fe230?}, {{0x108e6ab40?, 0x140028bbe00?}, {0x9?, 0x0?}})
	github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/config.go:45 +0x38
github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.PostAnalyze({0x14002c5f9f0, {0x140026565c0, 0x3, 0x4}, {0x14003119600, 0x8, 0x8}, 0x14001ad9020}, {0x108ec03d0, 0x140005fe230}, ...)
	github.com/aquasecurity/trivy/pkg/fanal/analyzer/analyzer.go:493 +0x228
github.com/aquasecurity/trivy/pkg/fanal/artifact/local.Artifact.Inspect({{0x16d093730, 0x1}, {0x1337ffa18, 0x14002656580}, {0x108e6aaa0, 0x10bbcecc8}, {0x14002c5f9f0, {0x140026565c0, 0x3, 0x4}, ...}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/fanal/artifact/local/fs.go:120 +0x37c
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact({{_, _}, {_, _}}, {_, _}, {{0x0, 0x0, 0x0}, {0x14002c5f650, ...}, ...})
	github.com/aquasecurity/trivy/pkg/scanner/scan.go:156 +0xa4
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scan(_, {_, _}, {{{0x106c852a0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:628 +0x318
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact(_, {_, _}, {{{0x106c852a0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:254 +0x9c
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanFS(_, {_, _}, {{{0x106c852a0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...})
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:199 +0xac
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).ScanFilesystem(_, {_, _}, {{{0x106c852a0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...})
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:179 +0x1b8
github.com/aquasecurity/trivy/pkg/commands/artifact.Run({_, _}, {{{0x106c852a0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, {0x14001d11c50, ...}, ...}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:364 +0x424
github.com/aquasecurity/trivy/pkg/commands.NewConfigCommand.func2(0x14001faf208, {0x140002d7c00, 0x1, 0x7})
	github.com/aquasecurity/trivy/pkg/commands/app.go:711 +0x294
github.com/spf13/cobra.(*Command).execute(0x14001faf208, {0x140002d7b20, 0x7, 0x7})
	github.com/spf13/[email protected]/command.go:983 +0x840
github.com/spf13/cobra.(*Command).ExecuteC(0x1400064bb08)
	github.com/spf13/[email protected]/command.go:1115 +0x344
github.com/spf13/cobra.(*Command).Execute(0x106ce4973?)
	github.com/spf13/[email protected]/command.go:1039 +0x1c
main.run()
	github.com/aquasecurity/trivy/cmd/trivy/main.go:39 +0x124
main.main()
	github.com/aquasecurity/trivy/cmd/trivy/main.go:19 +0x20

mdirkse · 2024-07-03T21:57:58Z

I observe the same behaviour if I pass in a tf-vars file that doesn't exist.

simar7 added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels Jul 2, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bug(misconf): Panic observed in passing of `--tf-vars` #7084

bug(misconf): Panic observed in passing of `--tf-vars` #7084

simar7 commented Jul 2, 2024

mdirkse commented Jul 3, 2024

bug(misconf): Panic observed in passing of --tf-vars #7084

bug(misconf): Panic observed in passing of --tf-vars #7084

Comments

simar7 commented Jul 2, 2024

mdirkse commented Jul 3, 2024

bug(misconf): Panic observed in passing of `--tf-vars` #7084

bug(misconf): Panic observed in passing of `--tf-vars` #7084